Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Hans Nilsson" <hasse_gg@xxxxxxxx>
Date: Tue, 21 Nov 2006 09:07:56 -1100
I know there's a program called SSLDump, maybe that could be used?
http://www.rtfm.com/ssldump/

On Tue, 21 Nov 2006 10:22:38 -0500, "Kenneth Hunt"
<kenneth.hunt.b@xxxxxxxxx> said:
> OK... I worked on this yesterday, and I think the answer involves 
> text2pcap which can read in hex dumps of packets... my theory is that 
> decoding the packets and saving them in the interim format means I can 
> pull them back in. decoded... anyone else think this is possible?
> 
> Can anyone confirm this is the right approach? I think I'm missing the 
> correct switches on the commandline when writing the packets to a file:
> 
> tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list: 
> 127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file:
> ./ssldebug.txt" 
> -w out.cap
> 
> all I get is the encoded packet stream in the .cap file.
> 
> Kenneth Hunt
> Bayer Corporate and Business Services LLC
> North America Information Technology 
> IS Analyst
> http://www.linkedin.com/in/kennethhunt
> 
> 
> 
> 
> "deepali goel" <deepaligoel2003@xxxxxxxxx> 
> Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
> 11/20/2006 11:45 PM
> Please respond to
> Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> 
> 
> To
> "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> cc
> 
> Subject
> Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
> 
> 
> 
> 
> 
> 
> i know the contents of my packet but cant see the packet flowing in the 
> traffic captured??
> 
> On 11/21/06, Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote: 
> 
> I can open the sample file snakeoil2.tgz  in the wiki: 
> http://wiki.wireshark.org/SSL 
> 
> Is it possible to save the decoded packets back to libpcap format so I
> can 
> reopen it with out the SSL settings? 
> I am using 127.0.0.1,443,http,c:\rsasnakeoil2.key with the private key in 
> the root of my c drive. 
> 
> 
> 
> 
> Kenneth Hunt
> Bayer Corporate and Business Services LLC
> North America Information Technology 
> IS Analyst
> 
> 
> 
> The information contained in this e-mail is for the exclusive use of the 
> intended recipient(s) and may be confidential, proprietary, and/or
> legally 
> privileged.  Inadvertent disclosure of this message does not constitute a 
> waiver of any privilege.  If you receive this message in error, please do 
> not directly or indirectly use, print, copy, forward, or disclose any
> part 
> of this message.  Please also delete this e-mail and all copies and
> notify 
> the sender.  Thank you. 
> 
> For alternate languages please go to http://bayerdisclaimer.bayerweb.com
> 
> 
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx 
> http://www.wireshark.org/mailman/listinfo/wireshark-users
> 
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
> 
-- 
  Hans Nilsson
  hasse_gg@xxxxxxxx

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube